The Ronin Network exploit happened in March and saw $600 million worth of Ethereum (ETH) and $25 million in USDC stolen.
The US Treasury’s Office of Foreign Asset Control (OFAC) has sanctioned three more Ethereum wallets linked to the recent hack on Ronin Network.
The new addresses have been connected to the North Korea hacking group Lazarus, OFAC said on Friday.
The OFAC revealed the addition of the three virtual currency addresses via an update to its Specially Designated Nationals (SDN) List published on 22 April. All three have ties to the activities of the North Korean state-sponsored hacker group Lazarus Group.
Notably, recent funds movement linked to the three wallets involves proceeds of the exploit on the Ronin blockchain.
“The DPRK has relied on illicit activities like cybercrime to generate revenue while trying to evade US and UN sanctions,” US Treasury tweeted.
The agency has warned that transacting with the designated wallet addresses “risks exposure to US sanctions.”
OFAC listed wallet addresses ‘blocked’
The addition of the three wallets comes just days after the department linked Lazarus Group to the $625 million heist.
On Friday, the original address used in the attack moved funds to various addresses using Tornado Cash – a mixing service that helps make transactions difficult to trace. The decentralised protocol, which helps make Ethereum transactions private, announced on 15 April that it would block any crypto wallets added to OFAC’s list.
Tornado Cash has reiterated that financial privacy remains “essential to preserving” financial freedom. However, privacy should not be pursued at the “cost of non-compliance,” it added.
In related developments, Binance reportedly recovered $5.8 million worth of funds stolen during the hack. According to Binance CEO Changpeng Zhao, the hackers had sent the funds to 86 accounts.